Analysis

  • max time kernel
    108s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/11/2022, 12:53

General

  • Target

    https://gracious-sammet.137-184-95-183.plesk.page/

Score
10/10

Malware Config

Signatures

  • Detected phishing page
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://gracious-sammet.137-184-95-183.plesk.page/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1836
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1836 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1740

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 61KB

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize: 1KB

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize: 242B

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lwrmjt1\imagestore.dat
    Filesize: 4KB

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5IBTTECI.txt
    Filesize: 603B